Category: Security

Hip about HIPAA

Female patient at the dentist giving a high-five and looking very happy with her smile design

Dr. Robertson, now retired, was my dentist. He ran a modern dental practice. It was both hip and fun. First, the fun: he always made me laugh. Sometimes, he had to stop the procedure because I was laughing so hard. He remember details about my life, and so did his staff. Shannon, his dental hygienist, always encouraged my progress. How did they remember those details? Was it note taking, a great memory or a HIPAA compliant communications and patient relationship management system? I don’t know. But I always recommended Shannon and Dr. Robertson and his staff because they were excellent in all the ways that mattered. I left their office with a problem solved, a brighter smile and a lighter step. That’s the human “technology” of a great experience.

I Like

What’s hip is that they also used technology to set my appointments. The office sent emails to remind me of my upcoming appointments, and a few years later, based on my preference, switched to text reminders. Sometimes I got texts asking if I’d like an earlier appointment as they had an unexpected opening. And because Dr. Robertson knew I marketed cool technology he would ask me my thoughts about xyz software or technology tools he used. Thanks Dr. Robertson for being great.

Today the modern dental office uses digital patient relationship management (PRM) and HIPAA compliant communication platforms to help their practices run more efficiently.  These systems save money, help staff fill empty seats, send appointment reminders to patients and more. Doctors can make calls from anywhere to their staff on their smartphones to relay patient information. Office managers can automate messages, send funny and informative texts and capture ways patients best engage. But all those digital resources must meet security standards to protect sensitive patient health information.

Meeting those security standards and HIPAA compliance is not complicated. The best technology providers ensure their systems meet regulatory requirements. Janice Janssen, a member of the Academy of Dental Management Consultants (ADMC), offers the following recommendations in her article: Tips for staying ‘hip’ with HIPAA regulations for dental practices:

Create practice HIPAA compliance and security breach policies

Well thought out, written plans are needed to ensure that your practice stays in compliance. Your HIPAA compliance policy should clearly state the responsibilities of your office and each staff member in protecting your patients’ private health information. The policy should clearly outline how your office handles and remediates various kinds of security breaches.

Have a HIPAA privacy officer

The HIPAA Privacy Rule requires certain safeguards to best protect the privacy of your patients’ health information. One safeguard is giving someone the responsibility of overseeing and applying these rules. Large offices may want to hire someone to have this sole responsibility. If you have a small office with a limited budget, then you as the dentist or your office manager can assume this role. Whoever is assigned this job needs to be reliable and organized as well as fully trained on HIPAA laws.

Educate your staff on HIPAA laws

For your practice to stay HIPAA compliant, each employee must know what’s required of them to be compliant. Have your HIPAA privacy officer hold team trainings where employees sign a written agreement that states they’ve fulfilled the required training. Employees can help prevent HIPAA violations and keep the office compliant when they’re educated on what the HIPAA laws are and the consequences of being non-compliant.

Perform regular risk assessments

Security risk analysis is a critical part of maintaining HIPAA compliancy. This helps identify security vulnerabilities in your office and lets you know what actions you need to take to correct and prevent these security violations. Although you can perform these risk assessments on your own, oftentimes it’s more effective when performed by an outside expert, such as Janssen or with the help of HIPAA compliance software.

Use a HIPAA compliant communication system

Ask your technology vendor to provide a HIPAA compliance business associate certificate. If they don’t know what you are talking about, you probably want to try another technology solution with the HIPAA expertise to answer your questions.

RingRx is a phone and patient-staff communication system that’s built specifically for doctors, therapists and providers of health services. RingRx delivers the quality, the value and the simplicity you desire and the security and compliance you need. To learn more, visit our website at www.ringrx.com or call 1-888-980-6860 to speak with RingRx HIPAA compliance certified customer service managers.

 

An App for HIPAA Compliant Communications

doctor examining a baby in a hospital

Now There’s an App for HIPAA Compliant Communications 

Mobile devices like handheld tablets and smartphones with apps for HIPAA compliant communications allow doctors unparalleled flexibility.  But along with the convenience and new uses of photographic and data transmission of patient health information (PHI), every provider must be aware of the legal implications of using these technologies. Now, there’s an app for HIPAA Compliant Communications. Here’s why it’s important.

In an informative article from the Advisory Board, Stacy Cook of Barnes & Thornburg LLP discusses how doctors and therapists can maintain HIPAA compliance as the usage of mobile devices increases among staff and patients. “Mobile devices are not mere cell phones. People often forget that mobile devices are essentially handheld computers where one can easily access and transmit PHI.

For instance, mobile device users transmitting and receiving PHI via public Wi-Fi or email applications on mobile devices are using unsecure mobile networks. This puts PHI at risk of interception. Most mobile devices can take and store photographs, which can be a compliance concern if the pictures violate their privacy. Also, with any mobile device that is relatively small in size, providers must be concerned about misplacement and/or theft resulting in the unintended loss of PHI.

Mobile devices also pose unique storage challenges for providers. This is because individual users can dictate where information is stored. Cloud storage is popular among mobile device users, and users storing PHI in clouds may be putting the cloud provider at risk if a HIPAA business associate agreement is not signed.

To minimize PHI storage liability, most providers now require cloud storage capabilities to be turned off on company-issued mobile devices. However, the major challenge is still managing employees’ and business associates’ personal mobile devices.”

Use a HIPAA Compliant App for PHI Communications

Providers should know that the majority of health-related apps are not HIPAA compliant. Fitness related apps do not need to be HIPAA compliant. But apps that deal with PHI and/or allow providers and patients to communicate with each other must meet the regulatory standard for HIPAA compliance. Ask for credentials and business agreement certifications. Ensure an app supports a HIPAA compliant phone and communication system. Best of all a bundled communication system allows clinicians to choose from a variety of HIPAA-compliant mediums to safely discuss and/or share PHI. It needs to easily integrate with popular office software and EHR systems.

Risk Management Steps

“Providers should develop policies and procedures outlining mobile device usage standards,” states Cook.  “Policies should state whether or not personal mobile device usage is allowed and if so, the usage parameters should be clearly defined. Providers should also be clear as to which party is responsible for security and encrypting the mobile devices. Once mobile device policies are in place, providers should perform periodic audits to ensure that compliance is upheld.”

In Case of a Breach

Cook writes, “Under HIPAA, if the organization is a covered entity (CE) and a breach occurs, then each patient whose PHI was compromised needs to be notified.

Providers should have written policies and procedures in place. They should outline how to investigate a breach and actionable steps to prevent future breaches. Providers must report breaches involving 500 patients or more to the Office of Civil Rights (OCR) at the same time as the patient notifications. For breaches affecting under 500 individuals, providers can submit an annual report to OCR due February of the succeeding year.

Risks of HIPAA Non-compliance?

Under HIPAA, providers can face financial penalties for PHI breaches. The sanctions for enforcement cases range from $100-50,000 per violation with a cap of $1.5 million per calendar year.  Sometimes settlements in excess of this cap occur because the government determined that the violation occurred over a number of years.

A provider’s reputation can also diminish because in addition to reporting to patients and the OCR, CEs are required to report to the media in some situations.”

An App for HIPAA Compliant Communications

RingRx delivers a state of the art HIPAA compliant communications system built specifically to meet help make doctors’ lives easier.  And this includes an app for HIPAA compliant communications relayed on your smartphone. It’s  convenient, secure and delivers high value.

To learn more about a HIPAA compliant for system for doctors, dentists, therapists and clinicians, please visit www.RingRx.com.

RingRx: A Simpler, Better Communication System. One Platform. All Your Devices. HIPAA Compliant and MACRA Ready.

RingRx unifies all digital communication streams from your mobile device, business phone and fax—all into one easy to use dashboard. It simply increases efficiency, helps you improve flexibility, makes patient communications more meaningful with every interaction while reducing errors and cost.

To learn more, call our HIPAA compliance phone and communication system experts at 1-888-980-6860.

What’s VoIP and What’s Smart About a HIPAA Compliant Softphone Anyway?

RingRx HIPAA Compliant Phone System Now Offers an App or Softphone

With the huge growth of mobile and cloud connected telephony, you may have heard about the benefits of a using #VOIP and a #softphone system vs your traditional phone system but what is VoIP and what is a softphone anyway? What are the real benefits? How can  using a softphone positively impact your business, cut costs, unify and secure your communications? RingRx can help you get smart about a HIPAA compliant communication system and now the company has launched an app, a softphone that meets your needs to make calls on the go.

What is VOIP?  For you, the caller, a VoIP phone system works the same way as a traditional Public Exchange phone (PBX). But unlike your landline phone, VoIP phones cost less to use and also give you more functionality than a landline phone. According to the VoIP Report, “VoIP sends voice over the  Internet just like any other data like emails or web browsing gets sent. The data uses “fire and forget” technology. For example, once you dial the number on a VoIP phone, the “line” does not stay open. The data packet containing the phone number gets transmitted and forgotten. The system converts the number into an IP address and moves it along the data stream along with all the other Internet transmissions. Hence, the VoIP line does not stay open. A traditional phone line, once the phone is dialed, remains connected. When the other person picks up the phone, the line stays open. The periods between words or sentences still require the line to remain open. ” With the Internet, if no one speaks then no data packet gets initiated and sent. You are not continually connected. Hence, VoIP is much more efficient at transmitting data or voice.”  In summary, VoIP is less costly, faster and better if…it’s delivered to meet your standards for HIPAA compliance.  Yes, that’s the catch for the medical and mobile health practices. We’ll talk more about that in a moment…but now onto the softphone…a #softphone is a phone that lets you make calls over the internet from a computer or other smart phone device. It is software that acts as a phone interface, allowing you to dial phone numbers and carry out other phone related functions via your touchscreen or by using your mouse, keypad or keyboard on your laptop or desktop.

bannerRX

The softphone is used with VoIP…and is a dynamic and unified way to deliver voice information over the internet. For businesses, the savings are significant. For #doctors and #therapists, the system needs to meet regulatory compliance. 

For doctors on the go, especially those who travel abroad, a HIPAA compliant softphone allows you to conveniently make calls from your smartphones and laptops. It’s also well suited for small and medium size practices– you can cut costs by severing ties with  expensive traditional phone companies. No hardware or upkeep. No IT required. But not all systems are alike. For #healthcare providers, doctors and therapists, your communications must be secure with standards that meet HIPAA compliance. 

RingRx uses the latest voice, web, and mobile technologies to deliver a high-value, user-friendly service to reduce cost and errors and improve convenience. The RingRx VoIP and Softphone system is comprised of several specialized features that target specific pain points unique to physicians, nurses, medical office managers, therapists and their business associates. Presently, the RingRx platform includes a professional grade cloud-based phone system, a smartphone app that adds mobility and convenience, web-based faxing, and an automated on-call system. We provide a web-based user portal to manage the system and more to help you meet requirements for HIPAA and the HITECH Act. The RingRx team’s 20 years experience with traditional on-call solutions provides deep insight into distinct medical and therapist practice needs that cannot be detected by research alone. The RingRx solution – powered by state-of-the-art technology – meets real-world demands.

RingRx is the phone system to keep your data secure and meet regulatory mandates while lowering your phone system costs. Now that’s what’s smart about using the only HIPAA compliant softphone for doctors.

  • Unlimited Local + Long Distance
  • Custom Office Greetings
  • Centralized Message Storage
  • Send Voicemail to Email
  • Link Multiple Locations

heidi 2 retouchTo learn more and try it free, visit RingRx.com. Or contact me at   1-888-980-6860 to set up a call to talk about your specific office needs. We can help simplify your patient-staff communications, save you money on your phone system, increase efficiency and practice management and new this year…grow your business with messaging and more.

 

 

 

 

Is Your Healthcare Data Protected from Employee Hacks?

When we think of healthcare data security, we usually think of intrusions coming from outside our network. And that is a real and serious issue. But what if the intrusion comes from within your own organization? Is that a real concern?

IBM Cyber Security Intelligence Index

According to IBM’s 2016 Cyber Security Intelligence Index, it should be more than a nominal concern. It should be your number one concern, especially if you are in the healthcare industry. And don’t just think computer network. Phone systems for doctors are part of the data network that can be especially vulnerable.

IBM’s data showed that 60% of the attacks targeting secure data come from inside the organization or through the use insider information. Two thirds of those insider attacks are attempted with malicious intent. They weren’t accidents or errors; they were intentional attempts to hack into secure data.

Healthcare Tops the List

Of all the industries covered in the IBM report, the healthcare industry topped the list for cyberattack. Many of the attacks came through misuse of employee security credentials. Sometimes this was direct malicious intent of the employee, but often times it was the result of cyber criminals gaining access to security credentials via email phishing or malware. Stolen devices carried offsite was another source of internal security hacks.

Among IBM clients, there were an average of 3.4 of these types of events recorded each week in 2015. This was a significant increase over the number recorded in 2014. HIPAA regulations address this security issue. Unfortunately, most phone systems are designed for general business use and do not take HIPAA regulations into account.

How RingRx Can Help

RingRx was developed as a phone system for doctors. It is fully HIPAA compliant and secured with professional grade encryption. It is a Cloud PBX system, which means no expensive and disruptive onsite equipment installation. We provide simple, yet effective, data security to keep your data safe.

Download our whitepaper on
What a Phone Upgrade Should Look Like
Find out the shortcomings of "typical" solutions